diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json index b66f48240ae..16e40706bac 100644 --- a/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json +++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json @@ -2,16 +2,40 @@ "id": "CVE-2022-43843", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-14T01:15:07.453", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:00:44.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080." + }, + { + "lang": "es", + "value": "IBM Spectrum Scale 5.1.5.0 a 5.1.5.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 239080." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,50 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spectrum_scale:5.1.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D316671F-A7DC-44EA-A075-9976F5B91C2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:spectrum_scale:5.1.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "767AB3CF-B1A9-4AFE-93C2-028212F9FBB0" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://https://www.ibm.com/support/pages/node/7094941", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "https://www.ibm.com/support/pages/node/7094941", + "source": "nvd@nist.gov", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json index 0e1419c3400..e2b7f023594 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json @@ -2,15 +2,41 @@ "id": "CVE-2023-41719", "sourceIdentifier": "support@hackerone.com", "published": "2023-12-14T02:15:12.460", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:41:56.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante que se hace pasar por un administrador puede crear una solicitud web espec\u00edfica que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -34,10 +60,98 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", + "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", + "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", + "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", + "matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", + "matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*", + "matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json index d23c1ebfa01..5114eb5d412 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json @@ -2,15 +2,41 @@ "id": "CVE-2023-41720", "sourceIdentifier": "support@hackerone.com", "published": "2023-12-14T02:15:12.670", - "lastModified": "2023-12-14T13:52:06.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:44:28.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad en todas las versiones de Ivanti Connect Secure inferiores a 22.6R2 donde un atacante con un punto de apoyo en un dispositivo Ivanti Connect Secure (ICS) puede escalar sus privilegios explotando una aplicaci\u00f3n instalada vulnerable. Esta vulnerabilidad permite al atacante obtener privilegios de ejecuci\u00f3n elevados en el sistema afectado." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -34,10 +60,97 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", + "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", + "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", + "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:21.9:r1:*:*:*:*:*:*", + "matchCriteriaId": "BD52B87C-4BED-44AE-A959-A316DAF895EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:21.12:r1:*:*:*:*:*:*", + "matchCriteriaId": "8CA29F12-36DE-4FBF-9EE7-7CE4B75AFA61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*", + "matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json index 99eb9d52d15..2f7f460c964 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43042", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-14T01:15:07.897", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:35:21.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874." + }, + { + "lang": "es", + "value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.3 utilizan contrase\u00f1as predeterminadas para un usuario privilegiado. ID de IBM X-Force: 266874." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:storage_virtualize:8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F2F26F12-57A9-4F27-9CEC-17B73F2D976A" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://https://www.ibm.com/support/pages/node/7064976", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43585.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43585.json index 171124a5bc9..24466f58342 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43585.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43585.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43585", "sourceIdentifier": "security@zoom.us", "published": "2023-12-13T23:15:07.463", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:32:59.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access." + }, + { + "lang": "es", + "value": "Un control de acceso inadecuado en la aplicaci\u00f3n Zoom Mobile para iOS y los SDK de Zoom para iOS anteriores a la versi\u00f3n 5.16.5 puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", @@ -46,10 +80,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E725B855-C1FD-40B0-B5DD-164CB83D0F53" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "921ABABB-33A6-4B83-844B-236C549B48CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "0141CCFA-C930-4649-8894-4B093AE63848" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44982.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44982.json new file mode 100644 index 00000000000..38aeec40b25 --- /dev/null +++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44982.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44982", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-19T01:15:11.477", + "lastModified": "2023-12-19T01:15:11.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-retina-2x/wordpress-wp-retina-2x-plugin-6-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45166.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45166.json index b67165ba457..7ad92e322de 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45166.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45166.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45166", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-13T23:15:07.850", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:19:16.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando piodmgrsu para obtener privilegios elevados. ID de IBM X-Force: 267964." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +58,60 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267964", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7095022", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45170.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45170.json index f421e402dd3..0dc95d17ff9 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45170.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45170.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45170", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-13T23:15:08.017", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:16:53.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando piobe para escalar privilegios o provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267968." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +58,60 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267968", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7095022", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45174.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45174.json index 95ad1e74ca4..95c91b2c6f9 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45174.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45174.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45174", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-13T23:15:08.180", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:15:40.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972." + }, + { + "lang": "es", + "value": "IBM AIX 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir que un usuario local privilegiado aproveche una vulnerabilidad en el comando qdaemon para escalar privilegios o provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 267972." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +58,60 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", + "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267972", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7095022", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json index 60506bf58cd..bc733807c46 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45184", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-14T02:15:12.960", - "lastModified": "2023-12-14T13:52:06.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:52:29.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270." + }, + { + "lang": "es", + "value": "IBM i Access Client Solutions versiones 1.1.2 a 1.1.4 y 1.1.4.3 a 1.1.9.3 podr\u00edan permitir a un atacante obtener una clave de descifrado debido a comprobaciones de autoridad inadecuadas. ID de IBM X-Force: 268270." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.2", + "versionEndIncluding": "1.1.4", + "matchCriteriaId": "531AF116-53A2-47C9-944E-C7E2CA2ADF9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.4.3", + "versionEndExcluding": "1.1.9.4", + "matchCriteriaId": "C30A55A7-E0D8-48B0-96A7-7E93B9A14916" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268270", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7091942", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json index 015fe440696..3e37ed12502 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46247.json @@ -2,16 +2,40 @@ "id": "CVE-2023-46247", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T20:15:49.360", - "lastModified": "2023-12-13T21:25:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:27:51.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8." + }, + { + "lang": "es", + "value": "Vyper es un lenguaje de contrato inteligente pit\u00f3nico para la m\u00e1quina virtual Ethereum (EVM). Los contratos que contienen matrices grandes podr\u00edan subasignar la cantidad de ranuras que necesitan en 1. Antes de v0.3.8, el c\u00e1lculo para determinar cu\u00e1ntas ranuras necesitaba una variable de almacenamiento usaba `math.ceil(type_.size_in_bytes / 32)`. El paso de punto flotante intermedio puede producir un error de redondeo si hay suficientes bits configurados en la mantisa IEEE-754. En t\u00e9rminos generales, si `type_.size_in_bytes` es grande (> 2**46) y ligeramente menor que una potencia de 2, el c\u00e1lculo puede sobrestimar cu\u00e1ntas ranuras se necesitan por 1. Si `type_.size_in_bytes` es ligeramente mayor que una potencia de 2, el c\u00e1lculo puede subestimar cu\u00e1ntas ranuras se necesitan por 1. Este problema se solucion\u00f3 en la versi\u00f3n 0.3.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +74,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", + "versionEndExcluding": "0.3.8", + "matchCriteriaId": "CE735083-742D-4FFC-922C-71E242E471F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json index 9fa33c0e435..fe2919869f0 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48660.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48660", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-14T16:15:48.823", - "lastModified": "2023-12-14T17:17:58.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:50:59.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.\n\n" + }, + { + "lang": "es", + "value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de lectura de archivos arbitraria. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para leer archivos arbitrarios del sistema de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.5", + "matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.7", + "matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*", + "matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json index 3bd9267f127..fa618ca210f 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48661.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48661", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-14T16:15:49.023", - "lastModified": "2023-12-14T17:17:58.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:54:43.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.\n\n" + }, + { + "lang": "es", + "value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de lectura de archivos arbitraria. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad para leer archivos arbitrarios del sistema de destino." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.5", + "matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.7", + "matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*", + "matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json index d4c92b57fcc..0793a1bba8a 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48662.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48662", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-14T16:15:49.227", - "lastModified": "2023-12-14T17:17:58.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:56:38.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.\n\n" + }, + { + "lang": "es", + "value": "Dell vApp Manager, las versiones anteriores a 9.2.4.x contienen una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario malicioso remoto con altos privilegios podr\u00eda explotar esta vulnerabilidad y llevar a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo en el sistema afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.5", + "matchCriteriaId": "A66644ED-0329-4D52-BF77-46FC55D0E509" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.4.7", + "matchCriteriaId": "F7A1C0B1-1991-4B65-8246-CBD559A577B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:eem:*:*:*", + "matchCriteriaId": "8236D1AC-66D0-4BEE-B9DB-C8B2DACE0400" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json index 043264c341a..0fff784bf94 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48770.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48770", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T17:15:08.570", - "lastModified": "2023-12-14T17:17:50.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:42:58.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Nima Saberi Aparat permite almacenar XSS. Este problema afecta a Aparat: desde n/a hasta 1.7.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:uxdev:aparat:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.1", + "matchCriteriaId": "53CC2163-430F-4B61-856E-24A7F49E0D90" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/aparat/wordpress-aparat-plugin-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json index 1b6580a44ab..0d0c0e51561 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48771.json @@ -2,16 +2,40 @@ "id": "CVE-2023-48771", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-14T17:15:08.763", - "lastModified": "2023-12-14T17:17:50.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:39:37.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno \"Aesqe\" Babic File Gallery allows Reflected XSS.This issue affects File Gallery: from n/a through 1.8.5.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Bruno \"Aesqe\" Babic File Gallery permite Reflected XSS. Este problema afecta a File Gallery: desde n/a hasta 1.8.5.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:skyphe:file_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.8.5.4", + "matchCriteriaId": "2EC2966C-5D9E-4241-99AD-83DAAF05E271" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/file-gallery/wordpress-file-gallery-plugin-1-8-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49646.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49646.json index e95fcba66c1..b6c0deb882f 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49646.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49646.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49646", "sourceIdentifier": "security@zoom.us", "published": "2023-12-13T23:15:08.357", - "lastModified": "2023-12-14T13:52:16.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:03:33.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access." + }, + { + "lang": "es", + "value": "La autenticaci\u00f3n incorrecta en Zoom clients anteriores a la versi\u00f3n 5.16.5 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", @@ -46,10 +80,80 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "0105F955-25C8-4582-BD05-8BCD48BFF3D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "BAE70E1D-8C4A-4EB6-96A8-16C53DB5C79B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.14", + "matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.12", + "matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "AD4CD81C-1F22-45CA-8AB1-D6D59E819759" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.5", + "matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49877.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49877.json index ebec7c8440a..e59cc7ecf2d 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49877.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49877.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49877", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-12-13T21:15:08.040", - "lastModified": "2023-12-13T21:25:53.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:08:47.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and 3957-VEC could allow a remote authenticated user to obtain sensitive information, caused by improper filtering of URLs. By submitting a specially crafted HTTP GET request, an attacker could exploit this vulnerability to view application source code, system configuration information, or other sensitive data related to the Management Interface. IBM X-Force ID: 272651." + }, + { + "lang": "es", + "value": "IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED y 3957-VEC podr\u00eda permitir que un usuario autenticado remotamente obtenga informaci\u00f3n confidencial, causada por un filtrado inadecuado de las URL. Al enviar una solicitud HTTP GET especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ver el c\u00f3digo fuente de la aplicaci\u00f3n, informaci\u00f3n de configuraci\u00f3n del sistema u otros datos confidenciales relacionados con la interfaz de administraci\u00f3n. ID de IBM X-Force: 272651." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,163 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.52.103.23", + "matchCriteriaId": "E6AE6909-E2BD-4E40-ACCF-42539FC45520" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F1F27A40-DCF1-49D5-8550-C9135A7775C2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7760_3957-vec_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "7D6C62B2-B179-40AE-8D3E-0C1C44B129C7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7760_3957-vec:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "75A467BF-72F2-428C-AD92-DAD31C5D1E6B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.52.103.23", + "matchCriteriaId": "6CA58C54-0E7F-40F6-9204-8961A58BCECA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "3F009408-2553-4A3D-808A-E390295A66E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3957-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "E04A6F2B-1762-48FD-A794-9E01D1D9E3C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3957-ved:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "29DAE222-4508-4BCA-B17D-2CEBF1A34B4A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:ibm:virtualization_engine_ts7770_3948-ved_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.53.1.21", + "matchCriteriaId": "0DA59D69-2B5C-4728-AF12-6C7D59A9CD38" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:ibm:virtualization_engine_ts7770_3948-ved:r5.3:*:*:*:*:*:*:*", + "matchCriteriaId": "FCDA91D5-7A2D-4047-B3FB-21EF8274C2AA" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272651", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7092383", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json index e7dc02e0711..9a977fb3d1f 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50017.json @@ -2,19 +2,79 @@ "id": "CVE-2023-50017", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-14T19:15:16.297", - "lastModified": "2023-12-14T19:26:01.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T02:36:27.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup" + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/database/backup" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/849200701/cms/blob/main/CSRF%20exists%20in%20the%20backup%20and%20restore%20location.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50246.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50246.json index 04ad746852c..b3be3b15468 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50246.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50246.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50246", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T21:15:08.450", - "lastModified": "2023-12-16T01:15:07.893", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:30:29.763", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -54,22 +84,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jqlang:jq:1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "AB4D6ED1-816E-4FB7-B9EE-188B66543156" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/15/10", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50268.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50268.json index d1aa90e0ff5..26a3cf3cc71 100644 --- a/CVE-2023/CVE-2023-502xx/CVE-2023-50268.json +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50268", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T21:15:09.360", - "lastModified": "2023-12-16T01:15:07.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-19T01:32:51.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -54,26 +84,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jqlang:jq:1.7:*:*:*:*:*:*:*", + "matchCriteriaId": "AB4D6ED1-816E-4FB7-B9EE-188B66543156" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/15/10", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Mailing List" + ] }, { "url": "https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/jqlang/jq/pull/2804", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json new file mode 100644 index 00000000000..b83077796ba --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6314.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-6314", + "sourceIdentifier": "product-security@gg.jp.panasonic.com", + "published": "2023-12-19T01:15:12.157", + "lastModified": "2023-12-19T01:15:12.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro", + "source": "product-security@gg.jp.panasonic.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json new file mode 100644 index 00000000000..05b1c2650d7 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6315.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-6315", + "sourceIdentifier": "product-security@gg.jp.panasonic.com", + "published": "2023-12-19T01:15:12.310", + "lastModified": "2023-12-19T01:15:12.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@gg.jp.panasonic.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro", + "source": "product-security@gg.jp.panasonic.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6488.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6488.json new file mode 100644 index 00000000000..3b33cf8a905 --- /dev/null +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6488.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-6488", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-12-19T02:15:44.870", + "lastModified": "2023-12-19T02:15:44.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/button.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3007660%40shortcodes-ultimate&new=3007660%40shortcodes-ultimate&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6940.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6940.json new file mode 100644 index 00000000000..891e15ad967 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6940.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6940", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-12-19T02:15:45.050", + "lastModified": "2023-12-19T02:15:45.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/c6f59480-ce47-4f78-a3dc-4bd8ca15029c", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 71e91e92b41..b5f6063ca43 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-19T00:55:25.042281+00:00 +2023-12-19T03:00:24.215173+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-19T00:15:08.460000+00:00 +2023-12-19T02:56:38.240000+00:00 ``` ### Last Data Feed Release @@ -23,47 +23,50 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-12-18T01:00:28.253328+00:00 +2023-12-19T01:00:28.257837+00:00 ``` ### Total Number of included CVEs ```plain -233677 +233682 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` - -* [CVE-2022-45809](CVE-2022/CVE-2022-458xx/CVE-2022-45809.json) (`2023-12-19T00:15:07.130`) -* [CVE-2023-33331](CVE-2023/CVE-2023-333xx/CVE-2023-33331.json) (`2023-12-18T23:15:07.520`) -* [CVE-2023-34168](CVE-2023/CVE-2023-341xx/CVE-2023-34168.json) (`2023-12-18T23:15:07.743`) -* [CVE-2023-47506](CVE-2023/CVE-2023-475xx/CVE-2023-47506.json) (`2023-12-18T23:15:07.933`) -* [CVE-2023-47530](CVE-2023/CVE-2023-475xx/CVE-2023-47530.json) (`2023-12-18T23:15:08.133`) -* [CVE-2023-47558](CVE-2023/CVE-2023-475xx/CVE-2023-47558.json) (`2023-12-18T23:15:08.320`) -* [CVE-2023-49153](CVE-2023/CVE-2023-491xx/CVE-2023-49153.json) (`2023-12-18T23:15:08.503`) -* [CVE-2023-49155](CVE-2023/CVE-2023-491xx/CVE-2023-49155.json) (`2023-12-18T23:15:08.697`) -* [CVE-2023-49163](CVE-2023/CVE-2023-491xx/CVE-2023-49163.json) (`2023-12-18T23:15:08.893`) -* [CVE-2023-49759](CVE-2023/CVE-2023-497xx/CVE-2023-49759.json) (`2023-12-18T23:15:09.083`) -* [CVE-2023-49760](CVE-2023/CVE-2023-497xx/CVE-2023-49760.json) (`2023-12-18T23:15:09.263`) -* [CVE-2023-49761](CVE-2023/CVE-2023-497xx/CVE-2023-49761.json) (`2023-12-18T23:15:09.447`) -* [CVE-2023-49763](CVE-2023/CVE-2023-497xx/CVE-2023-49763.json) (`2023-12-18T23:15:09.630`) -* [CVE-2023-49821](CVE-2023/CVE-2023-498xx/CVE-2023-49821.json) (`2023-12-18T23:15:09.833`) -* [CVE-2023-6927](CVE-2023/CVE-2023-69xx/CVE-2023-6927.json) (`2023-12-18T23:15:10.027`) -* [CVE-2023-46154](CVE-2023/CVE-2023-461xx/CVE-2023-46154.json) (`2023-12-19T00:15:07.360`) -* [CVE-2023-46212](CVE-2023/CVE-2023-462xx/CVE-2023-46212.json) (`2023-12-19T00:15:07.563`) -* [CVE-2023-47754](CVE-2023/CVE-2023-477xx/CVE-2023-47754.json) (`2023-12-19T00:15:07.767`) -* [CVE-2023-48751](CVE-2023/CVE-2023-487xx/CVE-2023-48751.json) (`2023-12-19T00:15:07.977`) -* [CVE-2023-49819](CVE-2023/CVE-2023-498xx/CVE-2023-49819.json) (`2023-12-19T00:15:08.270`) -* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2023-12-19T00:15:08.460`) +Recently added CVEs: `5` +* [CVE-2023-44982](CVE-2023/CVE-2023-449xx/CVE-2023-44982.json) (`2023-12-19T01:15:11.477`) +* [CVE-2023-6314](CVE-2023/CVE-2023-63xx/CVE-2023-6314.json) (`2023-12-19T01:15:12.157`) +* [CVE-2023-6315](CVE-2023/CVE-2023-63xx/CVE-2023-6315.json) (`2023-12-19T01:15:12.310`) +* [CVE-2023-6488](CVE-2023/CVE-2023-64xx/CVE-2023-6488.json) (`2023-12-19T02:15:44.870`) +* [CVE-2023-6940](CVE-2023/CVE-2023-69xx/CVE-2023-6940.json) (`2023-12-19T02:15:45.050`) -### CVEs modified in the last Commit -Recently modified CVEs: `1` +### CVEs modified in the last Commit -* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-19T00:15:08.180`) +Recently modified CVEs: `20` + +* [CVE-2022-43843](CVE-2022/CVE-2022-438xx/CVE-2022-43843.json) (`2023-12-19T02:00:44.520`) +* [CVE-2023-50246](CVE-2023/CVE-2023-502xx/CVE-2023-50246.json) (`2023-12-19T01:30:29.763`) +* [CVE-2023-50268](CVE-2023/CVE-2023-502xx/CVE-2023-50268.json) (`2023-12-19T01:32:51.670`) +* [CVE-2023-43042](CVE-2023/CVE-2023-430xx/CVE-2023-43042.json) (`2023-12-19T01:35:21.737`) +* [CVE-2023-41719](CVE-2023/CVE-2023-417xx/CVE-2023-41719.json) (`2023-12-19T01:41:56.543`) +* [CVE-2023-41720](CVE-2023/CVE-2023-417xx/CVE-2023-41720.json) (`2023-12-19T01:44:28.233`) +* [CVE-2023-45184](CVE-2023/CVE-2023-451xx/CVE-2023-45184.json) (`2023-12-19T01:52:29.017`) +* [CVE-2023-49646](CVE-2023/CVE-2023-496xx/CVE-2023-49646.json) (`2023-12-19T02:03:33.697`) +* [CVE-2023-49877](CVE-2023/CVE-2023-498xx/CVE-2023-49877.json) (`2023-12-19T02:08:47.410`) +* [CVE-2023-45174](CVE-2023/CVE-2023-451xx/CVE-2023-45174.json) (`2023-12-19T02:15:40.817`) +* [CVE-2023-45170](CVE-2023/CVE-2023-451xx/CVE-2023-45170.json) (`2023-12-19T02:16:53.177`) +* [CVE-2023-45166](CVE-2023/CVE-2023-451xx/CVE-2023-45166.json) (`2023-12-19T02:19:16.323`) +* [CVE-2023-46247](CVE-2023/CVE-2023-462xx/CVE-2023-46247.json) (`2023-12-19T02:27:51.333`) +* [CVE-2023-43585](CVE-2023/CVE-2023-435xx/CVE-2023-43585.json) (`2023-12-19T02:32:59.880`) +* [CVE-2023-50017](CVE-2023/CVE-2023-500xx/CVE-2023-50017.json) (`2023-12-19T02:36:27.887`) +* [CVE-2023-48771](CVE-2023/CVE-2023-487xx/CVE-2023-48771.json) (`2023-12-19T02:39:37.777`) +* [CVE-2023-48770](CVE-2023/CVE-2023-487xx/CVE-2023-48770.json) (`2023-12-19T02:42:58.020`) +* [CVE-2023-48660](CVE-2023/CVE-2023-486xx/CVE-2023-48660.json) (`2023-12-19T02:50:59.197`) +* [CVE-2023-48661](CVE-2023/CVE-2023-486xx/CVE-2023-48661.json) (`2023-12-19T02:54:43.227`) +* [CVE-2023-48662](CVE-2023/CVE-2023-486xx/CVE-2023-48662.json) (`2023-12-19T02:56:38.240`) ## Download and Usage